Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/c6c8c2c8-2610-4b46-9e55-67c12ceccbbe.roa
File:                     c6c8c2c8-2610-4b46-9e55-67c12ceccbbe.roa (raw, json)
Hash identifier:          qDxQc01KV+2RkyeRRYMlA85tKGNJavhuFNJpXvRNfK0=
Subject key identifier:   8A:0B:85:48:BD:83:E4:38:D3:EE:C1:32:A5:96:E6:6F:41:3F:52:4F
Certificate issuer:       /CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
Certificate serial:       1796B6E0BCB01C1AA9B7608138B232303911506A
Authority key identifier: 97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/c6c8c2c8-2610-4b46-9e55-67c12ceccbbe.roa
Signing time:             Sat 11 Jan 2025 00:00:00 +0000
ROA not before:           Sat 11 Jan 2025 00:00:00 +0000
ROA not after:            Sat 15 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        240f:80fe:8000::/40 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:96:b6:e0:bc:b0:1c:1a:a9:b7:60:81:38:b2:32:30:39:11:50:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CD28A0000/serialNumber=97EBF348F376B867FC76B2B2B91078C3DD494883
        Validity
            Not Before: Jan 11 00:00:00 2025 GMT
            Not After : Feb 15 23:59:59 2025 GMT
        Subject: serialNumber=a9672e95c2b6f9e3bf877fd6e278945538bc653f14cf0cf7aca20e8b0f5368b8, CN=4257e925-715f-47a2-893e-0e3f97ec7e22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:05:a0:b6:d0:46:d8:d3:d0:40:e7:46:f6:20:
                    72:d3:71:72:01:68:b6:aa:14:af:ed:49:7a:6f:28:
                    8b:83:d4:97:8e:60:17:91:1e:10:df:65:fc:a5:8f:
                    31:ba:30:58:fc:81:ba:e6:29:a6:86:6a:c9:56:fb:
                    59:2f:33:e9:42:dd:e2:50:33:6e:58:26:b6:34:99:
                    ce:4c:d8:c8:cd:7c:a9:28:ac:8d:42:dc:9e:c7:2d:
                    ea:34:0c:28:e0:ef:19:58:e0:fa:1c:7a:7e:9c:f5:
                    4d:eb:ff:3f:b2:d1:c6:4c:11:be:44:b3:9c:5f:d4:
                    f6:54:dd:11:0e:ea:13:aa:08:e4:a1:76:f3:dc:21:
                    cd:6f:1a:62:af:14:24:71:25:7d:4d:28:46:aa:ce:
                    97:08:8a:12:11:0f:94:8d:aa:8a:02:8e:1f:7d:f8:
                    45:d7:0e:97:19:b0:13:54:cc:93:8f:4b:97:64:f4:
                    8e:28:2e:13:5e:55:d1:22:49:d3:df:9b:32:a2:0d:
                    91:d7:98:ab:b2:d5:2f:8d:0e:5a:d5:01:38:07:9d:
                    f1:10:66:1d:ab:71:b4:8a:f5:c8:9b:6d:ae:57:9b:
                    4b:a9:0d:e0:74:82:be:a7:a3:75:ef:77:83:77:9c:
                    9f:0a:8d:d9:b2:7f:ee:66:f1:06:10:8b:52:fd:2f:
                    0c:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:0B:85:48:BD:83:E4:38:D3:EE:C1:32:A5:96:E6:6F:41:3F:52:4F
            X509v3 Authority Key Identifier:
                keyid:97:EB:F3:48:F3:76:B8:67:FC:76:B2:B2:B9:10:78:C3:DD:49:48:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/l-vzSPN2uGf8drKyuRB4w91JSIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/c6c8c2c8-2610-4b46-9e55-67c12ceccbbe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/c3cd7c24-12cb-4abc-8fd2-5e2bcbb85ae6/90ca90a9-a10a-44e7-82b9-1365746ba55e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240f:80fe:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         31:dc:40:1e:53:af:cd:2c:5b:63:95:1a:79:9e:10:1e:16:80:
         ba:79:ca:1b:6c:6c:0e:26:b5:03:5c:f7:44:3b:67:09:84:92:
         7f:ed:0b:38:11:af:32:88:55:61:87:10:c1:bc:83:5c:d9:8c:
         37:de:59:1f:63:62:d8:b1:64:53:bd:81:87:7f:a7:58:9d:ad:
         2b:59:55:30:c7:9a:69:b2:05:96:2e:dc:dc:1c:54:c1:d2:67:
         96:39:14:92:18:b6:ba:d8:d1:3e:29:fb:a5:65:8d:5f:12:93:
         ba:1b:13:19:62:05:2e:98:71:15:99:c2:c8:fb:e5:22:f4:a9:
         74:cb:69:01:a5:d1:39:ae:29:58:67:39:9a:12:9c:4b:50:86:
         2f:39:39:b8:4f:cc:0d:ad:b6:dc:0d:5c:1b:f5:ce:93:72:29:
         56:6a:85:d9:f1:f4:29:77:d7:62:4f:94:0b:77:57:35:12:9d:
         2c:01:18:33:7b:9d:7d:4e:3f:5a:9f:8d:63:5a:fc:44:42:cf:
         69:9c:db:f7:ac:19:03:f4:16:31:60:84:02:87:c0:06:05:db:
         5d:e3:67:fb:26:f3:98:01:22:f3:66:28:4c:90:af:37:08:cb:
         7a:32:51:b4:74:2f:7a:14:14:4b:7c:e3:5d:f9:0f:b1:82:2a:
         69:cb:f4:80
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUF5a24LywHBqpt2CBOLIyMDkRUGowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxQ0QyOEEwMDAwMTEwLwYDVQQFEyg5N0VCRjM0OEYz
NzZCODY3RkM3NkIyQjJCOTEwNzhDM0RENDk0ODgzMB4XDTI1MDExMTAwMDAwMFoX
DTI1MDIxNTIzNTk1OVowejFJMEcGA1UEBRNAYTk2NzJlOTVjMmI2ZjllM2JmODc3
ZmQ2ZTI3ODk0NTUzOGJjNjUzZjE0Y2YwY2Y3YWNhMjBlOGIwZjUzNjhiODEtMCsG
A1UEAxMkNDI1N2U5MjUtNzE1Zi00N2EyLTg5M2UtMGUzZjk3ZWM3ZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyAWgttBG2NPQQOdG9iBy03FyAWi2
qhSv7Ul6byiLg9SXjmAXkR4Q32X8pY8xujBY/IG65immhmrJVvtZLzPpQt3iUDNu
WCa2NJnOTNjIzXypKKyNQtyexy3qNAwo4O8ZWOD6HHp+nPVN6/8/stHGTBG+RLOc
X9T2VN0RDuoTqgjkoXbz3CHNbxpirxQkcSV9TShGqs6XCIoSEQ+UjaqKAo4fffhF
1w6XGbATVMyTj0uXZPSOKC4TXlXRIknT35syog2R15irstUvjQ5a1QE4B53xEGYd
q3G0ivXIm22uV5tLqQ3gdIK+p6N173eDd5yfCo3Zsn/uZvEGEItS/S8MOwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFIoLhUi9g+Q40+7BMqWW5m9BP1JPMB8GA1UdIwQY
MBaAFJfr80jzdrhn/HaysrkQeMPdSUiDMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9sLXZ6U1BO
MnVHZjhkckt5dVJCNHc5MUpTSU0uY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYzNjZDdjMjQtMTJjYi00YWJjLThmZDItNWUyYmNiYjg1YWU2
L2M2YzhjMmM4LTI2MTAtNGI0Ni05ZTU1LTY3YzEyY2VjY2JiZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9jM2NkN2MyNC0xMmNiLTRhYmMtOGZkMi01ZTJi
Y2JiODVhZTYvOTBjYTkwYTktYTEwYS00NGU3LTgyYjktMTM2NTc0NmJhNTVlLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJA+A/oAwDQYJKoZIhvcNAQELBQADggEBADHcQB5Tr80sW2OVGnme
EB4WgLp5yhtsbA4mtQNc90Q7ZwmEkn/tCzgRrzKIVWGHEMG8g1zZjDfeWR9jYtix
ZFO9gYd/p1idrStZVTDHmmmyBZYu3NwcVMHSZ5Y5FJIYtrrY0T4p+6VljV8Sk7ob
ExliBS6YcRWZwsj75SL0qXTLaQGl0TmuKVhnOZoSnEtQhi85ObhPzA2tttwNXBv1
zpNyKVZqhdnx9Cl312JPlAt3VzUSnSwBGDN7nX1OP1qfjWNa/ERCz2mc2/esGQP0
FjFghAKHwAYF213jZ/sm85gBIvNmKEyQrzcIy3oyUbR0L3oUFEt84135D7GCKmnL
9IA=
-----END CERTIFICATE-----